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Appendix 

This listing of claims includes claim amendments as should have been presented 
in the Amendment and Reply filed on October 1 8, 2010. 

1 . (Currently Amended) A method comprising: 

receiving, using a processing device, a first request, from a first sponsor of an 
access candidate, for access to a first security level in a computer network, wherein the 
first security level secures computational resources for accessing manipulating electronic 
data; 

determining, using the processing device, whether access candidate attributes 
satisfy access requirements of the resources, wherein the access candidate attributes are 
revisable based, at least in part, on a determination indicating that access to the first level 
is prohibited; 

granting, using the processing device, access to the first security level based on 
an evaluation of the first request a determination indicating that access to the first level is 
not prohibited ; 

receiving, using the processing device, a second request, from a second sponsor 
of the access candidate, for access to a second security level in the computer network in 
response to the granting of access to the first security level, wherein the second security 
level secures the electronic data; 

determining, using the processing device, whether attribut e s of the access 
candidate attributes satisfy access requirements of the electronic data secured by the 
second security level; 

submitting, u s ing the proc e ssing device, a third obtaining authorization for the 
second request for authorization to from a resolution authority if the access candidate 
attributes fail to satisfy the access requirements of the electronic data in response to a 
determination indicating that access to the second security level is prohibite d, wher e in 
the-res olution authority modifi e s t h e acc e ss -require m e nts ; and 

in response to obtaining the authorization from the resolution authority, granting 
the access candidate access to the second security level. 

Atty. Dkt. No. 2222.3810000 



-24- 

Reply to Office Action of January 7, 201 1 



BELANGER et al 
Appl. No. 10/659,368 



2. (Currently Amended) The method of Claim 1, further comprising granting 
access to the second security level in response to determining that the attributes of th e 
access candidate attributes satisfy the access requirements of the electronic data. 

3. (Currently Amended) The method of Claim 1, further comprising denying access 
to the second security level if th e resolution authority denies the third request the 
authorization for the second request cannot be obtained . 

4. (Currently Amended) The method of Claim 1, wherein at least one of the access 
requirements of the resources and the access requirements of the electronic data are 
represented as part of a graphical display associated with the access candidate and 
accessed for display to a controller via a network. 

5. (Currently Amended) The method of Claim 1, wherein at least one of the access 
requirements of the resource and the access requirements of the electronic data comprise 
a citizenship status of the access candidate or a current location of the access candidate. 

6. (Currently Amended) The method of Claim 5, wherein the attributes of the 
access candidate attributes comprise a citizenship status of the access candidate or a 
current location of the access candidate. 

7. (Currently Amended) A method comprising: 

receiving, using a processing device, a first request, from a first sponsor of an 
access candidate, for physical access to a computer network; 

determining, using the processing device, whether access candidate attributes 
satisfy access requirements of physical access, wherein the access candidate attributes 
are revisable based, at least in part, on a determination indicating that physical access is 
prohibited; 
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granting, using the processing device, the physical access to the computer 
network based on an e valuation of the fe d—request a determination indicating that 
physical access is not prohibited ; 

receiving, using the processing device, , a second request, from a second sponsor 
of the access candidate, for access to electronic data in the computer network in response 
to the granting of physical access to the computer network; 

determining, using the processing device, whether attribut e s of the access 
candidate attributes satisfy access requirements of the electronic data; 

• submitting, using th e proce s sing device^ a third obtaining authorization for the 
second request for authorization to from a resolution authority if the access candidate 
attri butes fail to satisfy access requirements of the electronic data in response to a 
determination indicating that access to the electronic data is prohibited , wh e r e in the 
re s olutio n authority modifies the-aocess requirem e nts ; and 

in response to obtaining the authorization from the resolution authority, granting 
the access candidate access to the electronic data if the-yesolution authority grants th e 
third reque s t . . 

8. (Currently Amended) The method of Claim 7, further comprising [[:]] 
comparing the access cand id at e with the access requirements o£4he electronic 

d ata t o det e rmine if access to the el e ctronic data is prohibited; an d 

granting access to the electronic data if the in response to a comparison of the 
access candidate attributes with the access requirements of the electronic data indicating 
indicates that access to the electronic data is not prohibited. 

9. (Currently Amended) The method of Claim 7, further comprising denying access 
to the electronic data if the resolution au thority-de nies th e-tlw^fequ^st the authorization 
for the second request cannot be obtained . 

10. (Currently Amended) The method of Claim 7, wherein the attribut e s of th e 
acc e ss candidate access candidate attributes are represented as part of a graphical display 
associated with the access candidate and accessed for display via a network. 
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1 1 . (Currently Amended) The method of Claim 7, wherein at least one of the access 
requirements of the electronic data, and the access requirements of physical access 
comprise a valid data access agreement with the access candidate; a current location of 
the access candidate; or a citizenship status of the access candidate, 

12. (Currently Amended) The method of Claim 11, wherein the attributes of the 
access candidate attributes comprise an existence of a data access agreement; a current 
location of the access candidate; or a citizenship status of the access candidate. 

13. (Currently Amended) The method as in Claim 7, wherein at least one of the 
access requirements of the electronic data and access requirements of physical access 

comprise a current location of the access candidate or a citizenship status of the access 

p. ■ 

candidate. 

14. (Previously Presented) The method of Claim 7, wherein at least one of the 
request for physical access or the request for access to the electronic data is submitted by 
more than one sponsor of the access candidate. 

15. (Currently Amended) A method comprising: 

identifying, using a processing device, a plurality of data subsets of electronic 
data, wherein respective data subsets correspond to respective sets of access 
requirements; 

determining, using the processing device, at least one data class associated with 
the respective data subsets, the at least one data class identifying at least a citizenship 
requirement and a location requirement for access to data associated with the at least one 
data class; 

♦ 

receiving, using the processing device, a first request, from a first sponsor of an 
access candidate, for access to a first security level in a computer network, wherein the 
first security level secures physical access to a computer workstation for accessing 
manipulating the electronic data, the first request including access attributes of the access 
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candidate comprising an indication of a citizenship status of the access candidate, an 
indication of a current location of the access candidate, and an indication of an existence 
of a data access agreement with the access candidate; 

determining, using the processing device, whether the access candidate attributes - 



attributes are revisable based,, at least in part, on a determination indicating that access to 
the first security level is prohibited; 



security level is not prohibited ; 

receiving, Using the processing device, a second request, from a second sponsor 
of the.access candidate, for access to a second security level in the computer network in 
response to the granting of access to the first security level, wherein the second security 
level secures access to at least one of the plurality of data subsets; 

determining, using the processing device, whether the attributes of the access 
candidate a ttributes satisfy the respective set of access requirements corresponding to the 
at least one of the plurality of data subsets; 

jStfb mitting, using the processing dev ic e , a t hird obtaining authorization for the 
second request for authorization to from a resolution authority [[,]] if the access 
candidate attributes fail to satisfy the respective set of access requirements corresponding 
to the a t le ast one of the plurality of data subsets in response to a determination 
indicating that access to the at least one of the plurality of data subsets is prohibited^ 



in response to obtaining the authorization from the resolution authority, granting 
the access candidate access to the second security level if th e resolution authority grants 
th e third r e quest . 

16. (Currently Amended) A system comprising: 

storage means for receiving and storing electronic data using a computer 
network; 



satisfy access requirements of the first security level wherein the access candidate 





; and 
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means for evaluating a first request for access to one or more resources in the 
computer network, wherein the resources secure the electronic data, [[and]] wherein an 
evaluation of the first request includes a first comparison of one or more attributes of the 
access candidate with one or more access requirements associated with the e l e ctronic 
data resources, and wherein the one or more attributes of the access candidate are 
revisable if the first comparison indicates that access is p rohi bi ted; 

means for granting access to the one or more resources if the first comparison 
indicates that access is not prohibited; 

means for evaluating a second request for access to the electronic data by the one 
or more resources, wherein an evaluation of the second request includes a second 
comparison of the one or more attributes of the access candidate with one or more access 
requirements associated with the electronic data; 

means for s ubmitting a third obtaining authorization for the second request fef 
authorization, based on the eva lua ti o n o f th e second r e quest indicating that access to the 
electronic data is prohibited, to form a resolution authorit y ^ wherein the resolution 
authority modifies the one or mor e a cces s requk-emente if the one or more attributes of 
the access candidate fails to satisfy one or more access requirements associated with the 
electronic data in response to the evaluation of the second request indicating that access 
to the electronic data is prohibited : and 

means for granting, in response to obtaining the authorization from the resolution 
authority, the access candidate access to the electronic data using the one or more 
resources based on a grant, by the r es o lu t i o n authority, of the third request , 

17. (Currently Amended) The system of Claim 16, further comprising means for 
granting access to the electronic data using the one or more resources configured to 
access and manipulate the electronic data if the second comparison indicates that access 
to the electronic data is not prohibited. 

18. (Currently Amended) The system of Claim 16, wherein the access candidate is 
denied access to the electronic data if the r e solution authority denie s authorization the 
authorization for the second request cannot be obtained . 
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19. (Currently Amended) The system of Claim 16, wherein the one or more 
attribut e s of the access candidate attributes are represented as part of a graphical display 
associated with the access candidate and accessed for display via a network. 

20. (Currently Amended) The system of Claim 16, wherein at least one of the one or 
more access requirements associated with the recourses and the one or more access 
requirements associated with the electronic data relates to at least one of: a valid data 
access agreement with a potential access candidate; a current location of the potential 
access candidate; or a citizenship status of the potential access, candidate. 

21. (Currently Amended) The system of Claim 20, wherein the one or more 
attribut e s of th e access candidate attributes relate to at least one of: an indication an . 
existence of a data access agreement with the access candidate; a current location of the 
access candidate; or a citizenship status of the access candidate. 

22. (Previously Presented) The system of Claim 16, wherein the one or more access 
requirements associated with the electronic data includes at least one of a current 
location of the access candidate or a citizenship status of the access candidate. 

23. (Previously Presented) A system comprising: 

storage configured to receive and store electronic data using a computer network; 

one or more resources configured to process and manipulate the electronic data 
using a computer network; 

a resource access controller configured to grant access to one or more resources, 
in response to a request for access to the one or more resources, based at least in part on a 
comparison of a citizenship status and a current location of an access candidate and an 
existence of a data access agreement with a citizenship requirement, wherein the location 
requirement and the data access agreement requirement are associated with the one or 
more resources; 

one or more data access controllers configured to grant access to a corresponding 
portion of the electronic data based at least in part on a comparison of the citizenship 
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status and the current location of the access candidate with the citizenship requirement 
and the location requirement associated with the one or more data classes of the 
corresponding portion of the electronic data; 

one or more resolution authorities configured to: 

modify access requirements associated with the one or more data classes,; 
and . . r'' . : 

authorize access to one or more portions of the electronic data in response 
to a comparison performed by a corresponding data access controller indicating that 
access is prohibited; and 

a data access module configured to: 

evaluate a request for access to one or more portions of the electronic data 
using the one or more resources, 

identify one or more data access controllers corresponding to the one or 
moreportions of the electronic data, and 

forward the request for access to the one or more identified data access 
controllers for evaluation regarding whether to grant access to the corresponding one or 
more portions of the electronic data. , 

24. (Currently Amended) A method comprising: 

receiving, using a controller in a computer network associated with secured 
electronic data, a request for access to the secured electronic data in the computer 
network; 

comparing, using the controller, one or more attributes of an access candidate 
with one or more access requirements associated with the secured electronic data; 

authorization for the request from a resolution authority if one or more attributes of the 
access candidate fails to satisfy one or more access requirements associated with the 
secured electronic data / wherein the resolution authority modifies4he one or mor e acc e ss 
r e quir e m e nts ; 
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in response to obtaining or not obtaining authorization from the resolution 
authority, granting or denying in whole or in part, using the controller, access to the 
secured electronic data based, at least in part, on a determination by the r e solution 
authority regarding whether to authorize a e eesg to th e-seeu red electronic data, wh e r e in 
tfre-detegmination by the resolution-authority is based on access candidate information 
and request related information/ 

wherein the one or more attributes of the access candidate are revisable based, at 
least in part, on a determination denying access to the secured electronic data . 

25'. (Previously Presented) The method of Claim 24, further comprising granting 
access to the secured electronic data in response to a comparison indicating that access 
by the access candidate is not prohibited. 

26. (Previously Presented) The method of Claim 24, wherein the one or more access 
requirements associated with the secured electronic data are represented as part of a 
graphical display associated with the access candidate and accessed for display to the 
controller via a network. 

27. (Previously Presented) The method of Claim 24, wherein the one or more access 
requirements associated with the secured electronic data are related to at least one of a 
citizenship status or a current location of the access candidate. 

28. (Previously Presented) The method Claim 27, wherein the one or more attributes 
of the access candidate includes at least one of a citizenship status or a current location of 
the access candidate. 

29. (Currently Amended) A method comprising: 

receiving, using a controller in a computer network associated with secured 
electronic data in the computer network, a request for access to the secured electronic 
data in the computer network; 
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comparing, using the controller, one or more attributes of an access candidate 



with one or more access requirements associated with the secured electronic data; 

granting, using the controller, access to the secured electronic data in response to 
a comparison indicating that access by the access candidate is not prohibited; 



access by the access candidate is prohibited , wherein th e resolution a ut hority modifie s 



in response to obtaining or not obtaining authorization from the resolution 
authority, granting or denying in whole or in part, using the controller access to the 
secured electronic data based, at least in part, on a determination by th e resolution 
au thority regarding v v he the r - to authoriz e access to t h e s ec ur ed electronic data, wherein 
the determination by fch^-re solution authority is based on access candidate information 
and request related information^ 

wherein the one or more attributes of the access candidate are revisable based, at 
least in part, on a determination denying access to the secured electronic data . 



30. (Currently Amended) An article of manufacture including a non-transitory 
computer-readable medium having instructions stored thereon, execution of which 
causes a processing device to perform operations comprising: 

receiving, using a processing device, a request for access to a first security level 
in a computer network; 

c omparing, using the processing devices one or more attributes of an access 
candidate with one or more access requirements associated with the first security level, 
wherein the one or more attributes of the access candidate are revisable based, at least in 
part, on a determination indicating that access by the access candidate to the first security 
level is prohibited; 

granting, using the processing device, access to the first security level based on a 
comparison of one or more attribut e s of an acc e ss candidat e with one o r mor e acc e ss 





0 
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requirements associated with indicating that access by the access candidate to the first 
security level is not prohibited ; 

receiving, using the processing device, a request for access to a second security 
level in the computer network; 

submitting , u si ng the processing device and obtaining authorization for the 
request from a resolution authority in response to a comparison indicating that access by 
the access candidate is prohibited , -- a r e qu e st for authorization to a res ete tion authority, 
wherein the resolution authority modifies one or more access-requirements associated 



31. (Previously Presented) The article of manufacture of Claim 30, further 
comprising granting access to the second security level in response to a comparison of 
the one or more attributes of the access candidate with the one or more access 
requirements associated with the second security level indicating that access to the 
second security level by the access candidate is not prohibited. • 

32. (Currently Amended) The article of manufacture of Claim 30, further comprising 
denying access to the second security level if the— resolution authority den ies 
auth orization the authorization for the request cannot be obtained . 

33. (Previously Presented) The article of manufacture of Claim 30, wherein the one 
or more attributes of the access candidate is represented as part of a graphical display 
associated with the access candidate and accessed for display via a network. 



34. (Previously Presented) The article of manufacture of Claim 30, wherein the one 
•or more access requirements associated with the first security level relates to at least one 
of: a valid data access agreement with the access candidate; a current location of the 
access candidate; or a citizenship status of the access candidate. 



35. (Previously Presented) The article of manufacture of Claim 34, wherein the one 
or more attributes of the access candidate relates to at least one of: an indication of 
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whether the access candidate has a data access agreement; a current location of the 
access candidate; or a citizenship status of the access candidate. 

36. , (Previously Presented) The article of manufacture of Claim 30, wherein the one 
or.more access requirements associated with the second security level relates to at least 
one of a current location of the access candidate or a citizenship status of the access 
candidate. 

37. (Previously Presented) The article of manufacture of Claim 30, wherein at least 
one of the request for access to the first security level or the request for access to the 
second security level is submitted by one or more sponsors. 

38. ~ (Previously Presented) The method as in claim 1, further comprising granting a 
waiver of the access requirements. 

39. (Cancelled) 

40. (Cancelled) 

41. (Currently Amended) The method of claim 1, further comprising receiving 
supplemental evidence verifying the th e attribut es o f th e access candidate attributes . 

42. (Previously Presented) The system of claim 15, wherein the data subsets are 
separated into the at least one data class based on a data provider of the data. 

43. (Previously Presented) The method of claim 15, wherein the physical access 
comprises physical access to a facility housing the computer workstation. 

44. (Previously Presented) The method of claim 15, wherein the physical access 
comprises logging on to the computer workstation. 
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